Cross-Site Scripting Vulnerability in UI Patterns by Drupal
CVE-2026-15084

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15084?

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal UI Patterns module, allowing malicious users to inject harmful scripts into generated web pages. This issue affects UI Patterns versions from 2.0.0 to 2.0.17, enabling attackers to execute scripts in the context of another user's session, potentially compromising user data and application integrity.

Affected Version(s)

UI Patterns (SDC in Drupal UI) 2.0.0 < 2.0.17

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hervé Donner (herved)
Florent Torregrosa (grimreaper)
Hervé Donner (herved)
Mikael Meulle (just_like_good_vibes)
Pierre Dureau (pdureau)
Neil Drumm (drumm)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
Dave Long (longwave)
.